spear phishing: types of attack and how to protect oneself.

 

• In general, spear phishing attack use emails and attachments for attack.
• Spear phishing target can be anyone in the organization, it doesn’t matter what one holds in organization

Phishing –

It is a type of scam that involves tricking users to give up their private keys and personal information. In this, the accused generally disguises itself as a legitimate person and tries to win the trust of the person. Once the accused succeeds in gaining the trust of the person, then he/she uses the individual’s personal information to steal their cryptocurrency.

Spear Phishing –

It is a type of phishing method where a group of individuals and individuals are targeted within an organization. It is a type of phishing which uses various malicious tactics such as emails, social media, instant messaging and other platforms to get users personal information that causes data loss, financial loss and network compromise.  Phishing attack mainly rely on shotgun method which includes sending mails to hundreds of random individuals whereas in spear phishing a prior detail analysis is done and focuses on a specific target. 

In general, spear phishing attack use emails and attachments for attack. The email carries the information related to a specific individual, including its name , its rank in the organization. There are high chances that individuals will get trapped in the web, from opening email to seeing attachment.  

Spear phishing is a more targeted attack, in which the attacker does all research regarding the topic, targeted individual. In spear phishing, targeted person are those individual, who occupy a major position in the organization or the person who carries the confidential information of the organization. Trend Micro, a research firm, found that 90 percent of the targeted attacks in 2012 were spear phishing.

To execute spear phishing attack, attackers use a reconnaissance methode, which means complete observation of the region or area, before launching their attack. Under this they gather multiple out  of offices from a company to determine how they designed their cyber security platform, like how they format email addresses and find opportunities for targeted attack campaigns. Other attackers use social media and other sources to gather information.

How to prevent spear phishing attack

Anyone in the organization can be the target of a spear phishing attack, it doesn’t  matter on which rank an individual is, they can target anyone to snoop inside the organization’s board room. There some ways to protect oneself from the spear phishing attack – 

• Protecting oneself from spear phishing, we shouldn’t follow the instructions mentioned in the unsolicited mails and unexpected mails and should try to verify the sender by phone call or face-to-face interaction.
• One should be aware of basic tactics used in spear phishing like social media, sending emails-mentioning about some urgency, tax related fraud, or CEO fraud.
• Should refrain from downloading or clicking on attachments sent by the unknown sources.
• Threats that come vai emails using hosted email addresses and antispam protection.